As used in this application, the phrase “legacy security system” is used to describe an already-installed electronic security system that controls access to physical devices, areas, or computer systems. The word “token” is used to describe a device, such as an identification badge, a smart card, a magnetic stripe card, a bar-coded badge, a radio frequency identification (RFID) tag, or an identification chip carried by a person and used to identify that person to an electronic system for the purpose of gaining access to physical devices, areas, computer files, or computer systems. A “key” or “credential” is data held in the token that is transferred or presented to establish a claimed identity and/or the authorizations of a system entity. A “portal” is an entrance, entrance point, or means of entrance, such as a physical doorway, gate, or a computer interface for gaining access to a program, database, or computer system. A “control panel” is a device that controls access to a portal and is operable to receive information from electronic keys or credentials from a remotely-located token reader and, by reference to an access rights list, database, and/or schedule, determine whether access should be granted or denied to the token holder. The phrase “control panel” is not limited to control apparatuses housed in what might conventionally be regarded as a “panel,” but also encompasses integral control units and apparatuses situated on a board, a rack, or inside a box or other enclosure.
A typical access control system in use today has two main parts: (1) an access rights administration and badging station and (2) an authorization and privilege control system. The access rights administration system and badging station is used to issue new tokens to users and to assign, modify, or remove access rights. Typically, the authorization and privilege control system comprises one or more control panels (sometimes called “field panels”) installed in secure areas (such as control panel closets) that may be remote from the door/portal areas. Each control panel is connected via sets of wires to between one and four (sometimes more) token readers.
There are a wide variety of legacy security systems in use today. Different legacy systems use a wide range of different, non-interoperable brands and styles of electronic tokens. The tokens used in many legacy systems today are simple magnetic stripe or bar code cards, or radio frequency proximity devices, that have limited credential serialization capability (often dedicating no more than 16 bits, or 65,536 possible unique numbers, to the credential) and lack effective security against duplication or tampering.
Furthermore, many legacy systems are administered over non-public communications lines or networks using customized software. The communications systems and databases used to collect audit data and manage access rights often provide no network capability or are too insecure for use on a public network.
Many companies have different and incompatible legacy security systems in operation at different buildings. Consequently, these companies sometimes issue certain employees multiple badges so that they can access multiple systems. Efforts to make different legacy security systems work together may be hampered by the limited number of tokens or credentials that the legacy systems can support, the limited number of tokens that can be retained in the local memory of the door control hardware, the lack of standardization of keys and network communications, and the limited capabilities of legacy system servers to support a wide token management scope.
In summary, there are very few common, industry-wide specifications for the hardware design, authentication routines, credential format, hardware communication, and access rights administration of access control systems. But there is one prominent exception. Most access control and security systems in use today use an industry standard communications protocol called “Wiegand” to interface card (and other token) readers with their control panels. In October 1996, the Security Industry Association (SIA) promulgated the “Access Control Standard Protocol for the 26-bit Wiegand Reader Interface,” which is herein incorporated by reference. This standard provides electrical specifications necessary for communications between Wiegand card readers and security, access control, and other related control panels. Any card reader built in accordance with this standard should be able to operate with any control panel built in accordance with this standard.
The Wiegand protocol provides two data channels, called Data Zero and Data One, that share a common ground, for sending binary serial data streams. Each pulse on the Data Zero wire represents a zero bit. Each pulse on the Data One wire represents a one bit. The SIA's Wiegand protocol provides that the Data One and Data Zero signals should normally be held at a logic high level unless the reader is ready to send a data stream. The reader places asynchronous low going pulses (pulses that change from a higher voltage level to a lower voltage level) on the appropriate data lines to transmit a serial data stream to the panel. The SIA's Wiegand protocol provides that each low going pulse should have a width of between 20-100 microseconds. The interval between any two pulses should range between 200 microseconds and 20 milliseconds.
The SIA's Wiegand protocol also provides minimal specifications for the data format of the serial data stream that is communicated from a card reader to the control panel. Of a 26-bit Wiegand data stream, the first bit is an even parity bit calculated over the succeeding 12 code bits, the next 24 bits are code bits, and the last bit is an odd parity bit calculated over the preceding 12 code bits. The SIA standard provides that the data format within the 24 code bits, including the partitioning of the bits and the designation of the most and least significant bits, is subject to definition by the panel and reader manufacturers and may remain proprietary. With most card readers, the first 8 code bits represent a facility or site code and the other 16 code bits represent the card key.
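The following is an added worked example, not part of this application, that models the two-wire signaling and the 26-bit frame described in the preceding paragraphs: a reader-side encoder that emits one pulse per bit, and a panel-side decoder that rejects out-of-spec pulse widths and intervals and verifies both parity bits before splitting the 24 code bits into the common 8-bit facility code and 16-bit card key. The 50 µs pulse width, 1 ms pulse interval, and the choice to measure the interval from the start of one pulse to the start of the next are assumptions of this example, not values from the standard.

```python
from typing import List, Tuple

# SIA 26-bit Wiegand timing limits (microseconds) as quoted in the text above.
MIN_PULSE_US, MAX_PULSE_US = 20, 100
MIN_INTERVAL_US, MAX_INTERVAL_US = 200, 20_000

# One pulse: (line, start_us, width_us); line 0 = Data Zero wire, 1 = Data One wire.
Pulse = Tuple[int, int, int]

def bits_to_pulses(bits: List[int], width_us: int = 50, interval_us: int = 1000) -> List[Pulse]:
    """Reader side: one low-going pulse per bit on the data line matching the bit value."""
    return [(b, i * interval_us, width_us) for i, b in enumerate(bits)]

def pulses_to_bits(pulses: List[Pulse]) -> List[int]:
    """Panel side: recover the bit stream, rejecting pulses outside the SIA timing window.
    The interval is measured start-to-start (an assumption of this example)."""
    bits, prev_start = [], None
    for line, start, width in pulses:
        if line not in (0, 1) or not MIN_PULSE_US <= width <= MAX_PULSE_US:
            raise ValueError(f"bad pulse: line={line} width={width}us")
        if prev_start is not None and not MIN_INTERVAL_US <= start - prev_start <= MAX_INTERVAL_US:
            raise ValueError(f"bad interval before pulse at {start}us")
        prev_start = start
        bits.append(line)
    return bits

def encode26(facility: int, card: int) -> List[int]:
    """Build a 26-bit frame: even parity, 8-bit facility code, 16-bit card key, odd parity."""
    if not 0 <= facility < 256 or not 0 <= card < 65536:
        raise ValueError("facility must fit in 8 bits and card in 16 bits")
    value = (facility << 16) | card
    code = [(value >> (23 - i)) & 1 for i in range(24)]   # MSB first
    even = sum(code[:12]) % 2          # bit 0 makes itself + first 12 code bits even
    odd = 1 - (sum(code[12:]) % 2)     # bit 25 makes last 12 code bits + itself odd
    return [even] + code + [odd]

def decode26(bits: List[int]) -> Tuple[int, int]:
    """Check both parity bits, then split the 24 code bits into (facility, card)."""
    if len(bits) != 26:
        raise ValueError(f"expected 26 bits, got {len(bits)}")
    code = bits[1:25]
    if (bits[0] + sum(code[:12])) % 2 != 0:
        raise ValueError("even parity check failed")
    if (sum(code[12:]) + bits[25]) % 2 != 1:
        raise ValueError("odd parity check failed")
    value = int("".join(map(str, code)), 2)
    return value >> 16, value & 0xFFFF

def read_card(pulses: List[Pulse]) -> Tuple[int, int]:
    """Full panel-side path: electrical pulses -> bits -> (facility, card)."""
    return decode26(pulses_to_bits(pulses))
```

Note that the parity bits only detect line errors; nothing in the frame authenticates the card, which is why the 16-bit card field bounds the whole key space at 65,536 values and offers no protection against duplication.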
The limitations inherent in the vast patchwork of legacy access control systems in use throughout the United States today are keenly felt by the nation's emergency planning coordinators. The events of Sep. 11, 2001, revealed a need to provide emergency personnel in the region, especially firefighters and medical practitioners from surrounding areas, with prompt and unchaperoned access to hospital emergency rooms near the impact zone. Such personnel would not normally need to have unchaperoned access to these areas. Today, it would generally be unfeasible, for a centrally located hospital equipped with a typical low-capacity legacy system, to issue thousands of legacy tokens to the emergency response personnel of the surrounding region.
In recent years, the Department of Defense and other government agencies have developed common specifications and a technology migration plan for upgrading existing access control systems with the goal of making tokens used for Agency A's security system interoperable with Agency B's security system.
Many institutions, companies and agencies, however, have already invested significantly in their existing legacy security systems. Replacing these legacy security systems with completely new security systems is expensive and disruptive. Replacement costs include installing new wires between the new token readers and the new control panels and installing expensive new electronic locks, door strikes, and other barrier mechanism activation devices. Furthermore, new tokens must be issued to all existing employees, and access rights and schedules assigned to all the new tokens.
One conceivable alternative to complete replacement (and not necessarily disclosed in the prior art) would be to install a parallel access control system that shares direct electrical control of the physical door locks and door status switches. In other words, the parallel access control system and the legacy control system would share access to the magnetic lock mechanism, the “door ajar” switch, and the “request to exit” pushbutton or switch. This alternative, however, would have several disadvantages. First, all of the door wiring (as many as 16 conductors) between the control panels and the door would have to be duplicated. Second, sharing the door switches and electronic lock operation would essentially constitute a “science project” at each new door, consuming many costly man-hours. Because there are no universal standards for how these switches are wired or for the communications protocols used to operate and communicate with them, the circuitry required to share such access would likely vary from one legacy system to the next. Boxes with special custom “helper” circuitry and expensive power supplies and relays would have to be built for the parallel systems. Third, the parallel installation would likely void many existing legacy system service contracts and warranties.
Thus, there is a need to provide an auxiliary access rights administration system with greatly expanded key capabilities, greater key/token security, and secure network administration capabilities. There is also a need to avoid the disruption typically associated with replacing the legacy security system. Finally, it is also desirable to make use of as much of the hardware of the legacy security system as possible. Prior art efforts to meet these needs have fallen short.
U.S. Pat. No. 5,679,945 to Renner et al., entitled “Intelligent Card Reader Having Emulation Features,” describes a smart card reader that can replace a legacy magnetic-stripe card reader, and yet remain compatible with the legacy controller by emulating the communication manner of the legacy card reader. Renner teaches that “a [legacy] Wiegand effect card coded in a particular manner can be replaced with a smart card onto which the same code is stored.” Col. 6, lines 1-3. “The intelligent card reader reads the preprogrammed code from the smart card, converts the code into Wiegand effect signals, and transmits the Wiegand effect signals over wires to an external device which normally expects to receive such signals.” Col. 6, lines 5-10.
Renner's system, however, does not increase the number of keys that the combined security system can handle. If the legacy system is limited to 65,536 unique access codes, the combined security system will be equally limited. Renner's smart card reader is also installed as a replacement for the legacy card reader. When the legacy card reader is removed, smart cards must be issued to any person needing access to the portal controlled by the smart card reader. Furthermore, Renner's smart card readers are designed for installation in insecure areas, making the security system more vulnerable to attack or vandalism.
U.S. Patent Application No. 2005/0127172 A1 to Merkert, Sr., entitled “Access System,” addresses the last of the vulnerabilities mentioned above. Merkert essentially takes Renner's smart card reader and splits it into two components—a new reader intended for installation in the door area, and a signal processor intended for installation in a secure area near the legacy control panel. Merkert's system essentially makes the keys of the legacy system more secure. But Merkert's system, like Renner's system, does not increase the number of keys that the combined security system can handle. If the legacy system is limited to 65,536 unique access codes, the combined Merkert/legacy security system will be equally limited. Also, a party who installs the security systems taught by Merkert would have to use the legacy system's rights management and scheduling software to assign access rights to the credentials carried by the new smart cards.
Merkert also fails to teach or suggest providing tandem access to portals from both a legacy card reader and a newer, more capable smart card reader. Rather, Merkert, like Renner, teaches installing a smart card reader as a total replacement for the legacy card reader. Consequently, smart cards would have to be issued to any person needing access to the portal controlled by the smart card reader.